Shannon Maiolica

Information Technology Assurance & Auditing

Professor Aileen L. Farrelly, CPA, MS

April 26, 2013

Table of Contents

Description of Encryption

Description and Brief History

Types of Encryptions

Private Key Encryption, Public Key Encryption, EFS

Types of Encryption Software

Background, Types

Why You Should Use Encryption

Background, Internet, Personal Computers & Laptops

What You Should Encrypt

Personally Identifiable Information & Intellectual Property, E-Mail

Strengths of Data Encryption

Weaknesses of Data Encryption

Audit Implications

Attest Audit, Audit Assurance

Auditors Thoughts on Encryption

Auditors Survey Results, Companies Security Problems

Conclusion

Closing Comments

Bibliography

Description of Encryption

Description and Brief History

Encryption is widely used today because it is said to be the most effective way to achieve data security ("Encryption"). Encryption converts data into a secret code so that it can only be read by someone who has the right encryption key to unscramble it. The earliest known encryption method, the Caesar cipher, was created in 60 BC; Julius Caesar is said to have used it to send coded messages to his generals in the field (Hall, 84). Over the past few centuries, encryption has developed considerably, and new systems have been created. Encryption has two fundamental components: a key and an algorithm. The key is a mathematical value that the sender selects, and the algorithm is the method of shifting each letter in the message by the number of positions that the key value specifies (Hall, 84). The receiver of the cipher text message then reverses the process to decode the underlying message. Today's algorithms are far more complex, in that the encryption keys may be up to 128 bits in length. This is done because the more bits there are in the key, the stronger the encryption method (Hall, 85).

Types of Encryption

Private Key Encryption

There are several types of encryption methods, and the two most commonly used are private and public key encryption. Private and public keys are used in two main encryption systems, symmetric and asymmetric. Symmetric encryption requires the private code to be installed on the specific computers that will be used for exchanging messages between particular users ("Public and Private Key Encryption Systems"). Advanced encryption standard (AES) is a 128-bit encryption technique that is a United States government standard for private key encryption. This standard algorithm uses a single key that is known by both the sender and the receiver of the message. To encode the message, the sender provides the encryption algorithm with the key, which is used to produce the cipher text message. The message then enters the communication channel, where it is transmitted to the receiver's location and stored, ready to be decoded. Triple-DES encryption is an improvement on an older technique called the data encryption standard (DES). Triple-DES provides a substantial security improvement over most single encryption techniques. There are two forms of triple-DES encryption, EEE3 and EDE3. EEE3 uses three different keys to encrypt the message three times. EDE3, by contrast, uses one key to encrypt the message, a second key to decode it, and a third key to encrypt the result again; because the second key differs from the one that encrypted the message, the decoding step produces garbled output rather than the original message (Hall, 85).

Public Key Encryption
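The EEE3 and EDE3 key orderings described under Private Key Encryption, shown as an added example that is not part of the original paper. A small hash-based Feistel cipher (`toy_encrypt` and `toy_decrypt`, hypothetical names) stands in for DES, which the Python standard library does not provide, and the keys and message are constructed sample values. The last two checks show that EDE3 with three identical keys reduces to a single encryption, while EEE3 does not.

```python
import hashlib

ROUNDS = 8  # toy value; real DES uses 16 rounds and its own S-boxes

def _f(half: bytes, key: bytes, rnd: int) -> bytes:
    # Keyed round function (assumption: SHA-256 stands in for DES's round function).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt(block: bytes, key: bytes) -> bytes:
    """Encrypt one 8-byte block with a Feistel network (toy stand-in for DES)."""
    l, r = block[:4], block[4:]
    for rnd in range(ROUNDS):
        l, r = r, _xor(l, _f(r, key, rnd))
    return l + r

def toy_decrypt(block: bytes, key: bytes) -> bytes:
    """Undo toy_encrypt by running the rounds in reverse order."""
    l, r = block[:4], block[4:]
    for rnd in reversed(range(ROUNDS)):
        l, r = _xor(r, _f(l, key, rnd)), l
    return l + r

def eee3_encrypt(block, k1, k2, k3):
    # EEE3: encrypt three times, each time with a different key.
    return toy_encrypt(toy_encrypt(toy_encrypt(block, k1), k2), k3)

def eee3_decrypt(block, k1, k2, k3):
    return toy_decrypt(toy_decrypt(toy_decrypt(block, k3), k2), k1)

def ede3_encrypt(block, k1, k2, k3):
    # EDE3: encrypt with k1, decode with k2 (yielding garbled data), encrypt with k3.
    return toy_encrypt(toy_decrypt(toy_encrypt(block, k1), k2), k3)

def ede3_decrypt(block, k1, k2, k3):
    # The receiver reverses the steps: decode with k3, encrypt with k2, decode with k1.
    return toy_decrypt(toy_encrypt(toy_decrypt(block, k3), k2), k1)

if __name__ == "__main__":
    k1, k2, k3 = b"key-one", b"key-two", b"key-three"  # constructed sample keys
    msg = b"AUDITLOG"                                   # constructed 8-byte message
    print("EDE3 round trip:", ede3_decrypt(ede3_encrypt(msg, k1, k2, k3), k1, k2, k3) == msg)
    print("EEE3 round trip:", eee3_decrypt(eee3_encrypt(msg, k1, k2, k3), k1, k2, k3) == msg)
    # With three identical keys EDE3 collapses to one encryption; EEE3 does not.
    print("EDE3(k,k,k) == single:", ede3_encrypt(msg, k1, k1, k1) == toy_encrypt(msg, k1))
    print("EEE3(k,k,k) == single:", eee3_encrypt(msg, k1, k1, k1) == toy_encrypt(msg, k1))
```
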

The asymmetric encryption system incorporates both the private and public keys. The private key is for the individual and the public key is available online for other...